EN FR DE
MAIN MENU
Solutions

Packages

Remote desktop
management & IT operations

Boost productivity, decrease costs, and increase security with a centralized platform where you can manage a wide range of remote connections and tools.

Workforce password management

Improve your security strategy without reducing productivity by using a password management solution.

Privileged access
management

Diminish the risk of insider threats and cyberattacks while providing audit and compliance requirements for your team.

Remote access
management

Establish a secure entry point for internal or external segmented networks that require authorized just-in-time (JIT) access.

IT automation with PowerShell Universal

Streamline routine IT tasks and boost productivity with integrated scripting, orchestration, and reporting.

Devolutions
Remote Desktop Manager Free

Best all-in-one remote connection and credential management tool for independent IT users

blue box

Full power for small teams

All products available in our Starter Pack at half price for teams of 5

Personalized trial for 100+ users

Free expert or self-guided proof of concept for up to 90 days

Seamless integrations with RDM

Browse our 100+ integrations and boost your productivity

Compare our solution packages Visit store & get a quote
Products
Products

Devolutions
Remote Desktop Manager

The best remote connection manager in the industry

Devolutions
PAM

Easy-to-deploy privileged access management built for IT pros

Devolutions
Workspace

All your passwords and work credentials in one place

Devolutions
Launcher

Remote connection launching tool

Devolutions
Gateway

Secure remote access management — no VPN required
Devolutions PowerShell Universal

Devolutions
PowerShell Universal

A unified platform for PowerShell scripting and automation

Data sources
Devolutions Server Self-hosted vault
Devolutions Hub Business Cloud-hosted vault
Companion tools
Devolutions Send
Devolutions Send Secrets sharing made quick, secure, and simple
Devolutions Agent
Devolutions Agent System service to control privileged operations
Discover Remote Desktop Manager Free See more free tools for individual users
Resources
Resources

Devolutions Academy

Your FREE go-to hub for mastering Devolutions' suite of products and services.

Devolutions forum

The Devolutions Forum is the place to go to connect with your peers and the Devolutions team.

Devolutions documentation

Get answers to product specifications, settings and more on our documentation.

Devolutions blog

Stay up to date with our weekly articles on our blog, the toolbox for your IT success.

On-demand Lab
Success stories
Reports & white papers
Devolutions force
Learn a quick tip in 5 minutes! Browse feature requests
Company
About
Devolutions Timeline Lifestyle
Media
Devolutions logos Wallpapers
Careers
Welcome Available positions Spontaneous application
Newsroom
Press releases Newsletters In the news
Security & compliance
Security Advisories Trust center Legal & privacy Report a security issue Compliance
Contact
Send message Send message Call me Call me
Technical support Sales Contact information

Security & compliance

Upholding the highest standards to protect your data and ensure trust.

Back to listing

DEVO-2026-0005

Devolutions Server and Remote Desktop Manager are affected by multiple vulnerabilities.

Affected Products

Devolutions Server
2025.3.15.0 and earlier
Remote Desktop Manager
2025.3.30 and earlier

Change Log

Initial publication - 2026-03-03

9.5 Critical - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Broken authentication in Microsoft Authentication mode of Devolutions Server

Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).

The victim email must be known for the attack to succeed.

Affected Products

CVE(s)

CVE-2026-3224

Remediation and Workarounds

Upgrade to Devolutions Server 2025.3.16 or higher

If upgrade is not possible, Microsoft authentication mode should be disabled.

Credits

truff

5.1 Medium - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:N

Improper Enforcement of Behavioral Controls in PAM Multi-Account Deletion

Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion. This can bypass intended protections and may interfere with Just-in-Time (JIT) privilege revocation, potentially resulting in persistent elevated privileges.

Affected Products

CVE(s)

CVE-2026-3130

Remediation and Workarounds

Upgrade to Devolutions Server 2025.3.16 or 2026.1

5.1 Medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tamperable error messages

The error message page in Devolutions Server displayed a message provided in the URL. This could be used by a malicious actor to display spoofed error messages, for example in phishing attempts.

The page was modified to display error messages based on error codes.

Affected Products

CVE(s)

CVE-2026-3130

Remediation and Workarounds

Upgrade to DVLS 2025.3.16 or 2026.1

2.0 Low - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Passwords can be saved when password saving is disabled

Passwords of some connection types could still be saved even when the option “Disable password saving in vaults” is enabled in System Settings.

The affected connection types are:

  • AWS dashboard
  • AWS Identity and Access Management (IAM)
  • Microsoft Azure Table Storage Explorer
  • BeyondTrust Admin session
  • Dell iDRAC
  • Google Cloud explorer
  • HP iLO
  • Autofill login (native application)
  • Proxmox dashboard
  • Salesforce Cloud
  • Splashtop dashboard
  • TN3270
  • IBM5250
  • CyberArk dashboard
  • Amazon EC2

Affected Products

CVE(s)

CVE-2026-2590

Remediation and Workarounds

Upgrade to Remote Desktop Manager 2026.1